package com.yonyou.ucf.mdf.app.isvdxq.utils;

import java.util.regex.Pattern;

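/**
 * Best-effort, blacklist-based removal of a small fixed set of script markers from a string.
 *
 * <p>Security note: this is a legacy pattern-removal filter, not an HTML sanitizer. Only the
 * fragments matched by the patterns below are removed; anything not on the list passes through
 * unchanged, and removal-based filtering is weaker than context-aware output encoding or an
 * allowlist sanitizer. Treat {@link #cleanXSS(String)} as defence in depth and still encode values
 * at the point where they are rendered.
 *
 * <p>All patterns are compiled once and are immutable, so the class is safe to use from multiple
 * threads.
 */
public class XssCleanUtil {
    // Flag sets equivalent to the numeric values the original code passed to Pattern.compile:
    // 2 == CASE_INSENSITIVE, 42 == CASE_INSENSITIVE | MULTILINE | DOTALL.
    private static final int FLAGS_CI = Pattern.CASE_INSENSITIVE;
    private static final int FLAGS_CI_ML_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    private static final String KEY_SCRIPT_SCRIPT = "<script>(.*?)</script>";
    // src='...' and src="..." attributes. The original only had the single-quote form and applied
    // it twice; the double-quote form was missing, so src="..." was never stripped.
    private static final String KEY_SRC = "src[\r\n]*=[\r\n]*\\'(.*?)\\'";
    private static final String KEY_SRC_DOUBLE_QUOTED = "src[\r\n]*=[\r\n]*\\\"(.*?)\\\"";
    private static final String KEY_SCRIPT = "</script>";
    private static final String KEY_START_SCRIPT = "<script(.*?)>";
    private static final String KEY_EVAL = "eval\\((.*?)\\)";
    // The original literal was "e\u00adxpression(...)" — a U+00AD SOFT HYPHEN between 'e' and 'x',
    // a copy-paste artifact that made the pattern unable to match a plain "expression(" token.
    private static final String KEY_EXPRESSION = "expression\\((.*?)\\)";
    private static final String KEY_JAVASCRIPT = "javascript:";
    private static final String KEY_VB_SCRIPT = "vbscript:";
    private static final String KEY_ONLOAD = "onload(.*?)=";

    private static final Pattern SCRIPT_SCRIPT_PATTERN = Pattern.compile(KEY_SCRIPT_SCRIPT, FLAGS_CI);
    private static final Pattern SRC_PATTERN = Pattern.compile(KEY_SRC, FLAGS_CI_ML_DOTALL);
    private static final Pattern SRC_DOUBLE_QUOTED_PATTERN =
            Pattern.compile(KEY_SRC_DOUBLE_QUOTED, FLAGS_CI_ML_DOTALL);
    private static final Pattern SCRIPT_END_PATTERN = Pattern.compile(KEY_SCRIPT, FLAGS_CI);
    private static final Pattern SCRIPT_START_PATTERN = Pattern.compile(KEY_START_SCRIPT, FLAGS_CI_ML_DOTALL);
    private static final Pattern EVAL_PATTERN = Pattern.compile(KEY_EVAL, FLAGS_CI_ML_DOTALL);
    private static final Pattern EXPRESSION_PATTERN = Pattern.compile(KEY_EXPRESSION, FLAGS_CI_ML_DOTALL);
    private static final Pattern JAVASCRIPT_PATTERN = Pattern.compile(KEY_JAVASCRIPT, FLAGS_CI);
    private static final Pattern VB_SCRIPT_PATTERN = Pattern.compile(KEY_VB_SCRIPT, FLAGS_CI);
    private static final Pattern ONLOAD_PATTERN = Pattern.compile(KEY_ONLOAD, FLAGS_CI_ML_DOTALL);

    // Applied in the same order as the original sequence of replaceAll calls. Every pattern only
    // deletes text, which is what makes the fixpoint loop in cleanXSS terminate.
    private static final Pattern[] PATTERNS = {
        SCRIPT_SCRIPT_PATTERN,
        SRC_PATTERN,
        SRC_DOUBLE_QUOTED_PATTERN,
        SCRIPT_END_PATTERN,
        SCRIPT_START_PATTERN,
        EVAL_PATTERN,
        EXPRESSION_PATTERN,
        JAVASCRIPT_PATTERN,
        VB_SCRIPT_PATTERN,
        ONLOAD_PATTERN,
    };

    /**
     * Kept public for compatibility with existing callers; the class is meant to be used through
     * its static method and holds no instance state.
     */
    public XssCleanUtil() {
    }

    /**
     * Removes every fragment matched by the class's blacklist patterns from {@code value}.
     *
     * <p>The patterns are applied repeatedly until a full pass changes nothing. A single pass can
     * leave behind a blocked token that only becomes contiguous after a neighbouring match is
     * deleted; iterating to a fixpoint closes that gap. Because each pattern strictly deletes
     * text, the loop runs at most {@code value.length()} extra passes in the worst case.
     *
     * <p>The original implementation also executed {@code value.replaceAll("", "")} first; that
     * call is a no-op in Java (an empty match replaced by an empty string) and has been dropped.
     * If it was a decompilation artifact of a control-character strip, that behaviour is not
     * recoverable from this source — TODO confirm against the original.
     *
     * @param value the text to filter; may be {@code null}
     * @return the filtered text, or {@code null} when {@code value} is {@code null}
     */
    public static String cleanXSS(String value) {
        if (value == null) {
            return null;
        }
        String current = value;
        while (true) {
            String before = current;
            for (Pattern pattern : PATTERNS) {
                current = pattern.matcher(current).replaceAll("");
            }
            if (current.equals(before)) {
                return current;
            }
        }
    }
}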
